Securing Cross-App Interactions in IoT Platforms
KTH, School of Electrical Engineering and Computer Science (EECS), Theoretical Computer Science, TCS. ORCID iD: 0000-0001-6005-5992
University of Verona.
University of Verona.
2019 (English) Conference paper, Published paper (Refereed)
Abstract [en]

IoT platforms enable users to connect various smart devices and online services via reactive apps running on the cloud. These apps, often developed by third parties, perform simple computations on data triggered by external information sources and actuate the results of computation on external information sinks. Recent research shows that unintended or malicious interactions between the different (even benign) apps of a user can cause severe security and safety risks. These works leverage program analysis techniques to build tools for unveiling unexpected interference across apps for specific use cases. Despite these initial efforts, we are still lacking a semantic framework for understanding interactions between IoT apps. The question of what security policy cross-app interference embodies remains largely unexplored. This paper proposes a semantic framework capturing the essence of cross-app interactions in IoT platforms. The framework generalizes and connects syntactic enforcement mechanisms to bisimulation-based notions of security, thus providing a baseline for formulating soundness criteria of these enforcement mechanisms. Specifically, we present a calculus that models the behavioral semantics of a system of apps executing concurrently, and use it to define desirable semantic policies in the security and safety context of IoT apps. To demonstrate the usefulness of our framework, we define static mechanisms for enforcing cross-app security and safety, and prove them sound with respect to our semantic conditions. Finally, we leverage real-world apps to validate the practical benefits of our policy framework.

Place, publisher, year, edition, pages
2019.
National subject category
Computer systems; Other electrical engineering and electronics
Identifiers
URN: urn:nbn:se:kth:diva-251321; OAI: oai:DiVA.org:kth-251321; DiVA, id: diva2:1315086
Conference
IEEE Computer Security Foundations Symposium
Note

QC 20190514

Available from: 2019-05-10 Created: 2019-05-10 Last updated: 2019-05-22 Bibliographically reviewed

Open Access in DiVA

fulltext (551 kB), 120 downloads
File information
File name: FULLTEXT01.pdf; File size: 551 kB; Checksum SHA-512:
cd6a324c7fcfa577095222ba5ba16b848c79918b9694e0b707cdb078dac9a1f345e2ede664e514e9032e3d7ee20aad45fc296c45bd1a874521d4470b676deab2
Type: fulltext; MIME type: application/pdf

Other links

Conference webpage

Person records BETA

Balliu, Musard
